The still little-known hacks, which surfaced May 22-26, appear to
be among the most dangerous cyber-attacks yet deployed to sabotage a
national election - and a warning shot for future elections in the
US and abroad, political scientists and cyber experts say.

National elections in the Netherlands, Norway, and other nations
have seen hackers probe Internet-tied election systems, but never
with such destructive abandon, said experts monitoring the Ukraine
vote.

"This is the first time we've seen a cyber-hacktivist
organization act in a malicious way on such a grand scale to try to
wreck a national election," says Joseph Kiniry, an Internet voting
systems cyber-security expert. "To hack in and delete everything on
those servers is just pillaging, wanton destruction."

That wanton destruction began four days ahead of the national
vote, when CyberBerkut, a group of pro-Russia hackers, infiltrated
Ukraine's central election computers and deleted key files,
rendering the vote-tallying system inoperable. The next day, the
hackers declared they had "destroyed the computer network
infrastructure" for the election, spilling e-mails and other
documents onto the web as proof.

A day later, government officials said the system had been
repaired, restored from backups, and was ready to go. But it was
just the beginning.

Only 40 minutes before election results were to go live on
television at 8 p.m., Sunday, May 25, a team of government cyber
experts removed a "virus" covertly installed on Central Election
Commission computers, Ukrainian security officials said later.

If it had not been discovered and removed, the malicious software
would have portrayed ultra-nationalist Right Sector party leader
Dmytro Yarosh as the winner with 37 percent of the vote (instead of
the 1 percent he actually received) and Petro Poroshenko (the
actually winner with a majority of the vote) with just 29 percent,
Ukraine officials told reporters the next morning.

Curiously, Russian Channel One aired a bulletin that evening
declaring Mr. Yarosh the victor with 37 percent of the vote over Mr.
Poroshenko with 29 percent, Ukraine officials said.

"Offenders were trying by means of previously installed software
to fake election results in the given region and in such a way to
discredit general results of elections of the President of Ukraine,"
the Ukrainian Security Service (SBU) said in a statement.

Still, there was more to come.

In the wee hours of the morning after polls closed, as results
flowed in from Ukrainian election districts, Internet links feeding
that data to the vote tally system were hit with a barrage of fake
data packets - known as distributed denial of service (DDoS)
attacks. So from about 1 to 3 a.m. on May 26, election results were
blocked, delaying the finally tally until the early morning, a
preliminary report by international election observers recounted.

An analysis of the DDoS attack by Arbor Networks, a Burlington,
Mass., cyber-security company, ties it to CyberBerkut.

In the end, international observers declared Ukraine's vote "a
genuine election." But US researchers say it's clear that Ukraine
dodged a major cyber-bullet.

"We've seen vote fraud before in Ukraine, including a rigged
computer system in 2004," says Peter Ordeshook, a California
Institute of Technology political scientist. "But this wasn't an
effort to steal the election outcome, so much as to steal the
election itself - by entirely discrediting it in the eyes of key
segments of the population in Ukraine and in Russia, too."

While it was well understood across most of Ukraine and
internationally that the far-right candidate Yarosh had little
political support, the faked results would have lent credibility to
Russian-inspired accounts that the popular revolt last fall against
the Ukraine government was fomented by ultra-nationalists. …